Hello,
syzbot found the following issue on:
HEAD commit: 10e7775f0707 Fix race in vmm(4) vm termination path.
git tree: openbsd
console output:
https://syzkaller.appspot.com/x/log.txt?x=1094331a580000
kernel config:
https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link:
https://syzkaller.appspot.com/bug?extid=c109485bc1f450a87b04
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/ebaacd32b9c3/disk-10e7775f.raw.xz
bsd.gdb:
https://storage.googleapis.com/syzbot-assets/095528c11d37/bsd-10e7775f.gdb.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/d4084e0efc9b/kernel-10e7775f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c10948...@syzkaller.appspotmail.com
login: panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144
WARNING: SPL NOT LOWERED ON SYSCALL 83 1401094560 EXIT 0 a
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*338023 30313 0 0 0 1 syz-executor
113165 71526 0 0 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b1a7d) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833ef671,ffffffff833e2949,90,ffffffff8338989c) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagealloc_pg(fffffd80086f6a38,fffffd806c83b338,1000000000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707
uvm_pagealloc(fffffd806c83b338,1000000000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913
pmap_get_ptp(fffffd806c83b300,200000000000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1
pmap_enter(fffffd806c83b300,200000000000,6c7e1000,3,22) at pmap_enter+0x386 sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_upper(ffff80002a270ef0,ffff80002a270f28,ffff80002a270df0) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131
uvm_fault(fffffd800b0635b8,200000000000,0,2) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635
upageflttrap(ffff80002a271090,200000000240) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002a271090) at usertrap+0x42f sys/arch/amd64/amd64/trap.c:632
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7a71b350d530, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b1a7d) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833ef671,ffffffff833e2949,90,ffffffff8338989c) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagealloc_pg(fffffd80086f6a38,fffffd806c83b338,1000000000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707
uvm_pagealloc(fffffd806c83b338,1000000000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913
pmap_get_ptp(fffffd806c83b300,200000000000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1
pmap_enter(fffffd806c83b300,200000000000,6c7e1000,3,22) at pmap_enter+0x386 sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_upper(ffff80002a270ef0,ffff80002a270f28,ffff80002a270df0) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131
uvm_fault(fffffd800b0635b8,200000000000,0,2) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635
upageflttrap(ffff80002a271090,200000000240) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002a271090) at usertrap+0x42f sys/arch/amd64/amd64/trap.c:632
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7a71b350d530, count: -12
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a270a10
rbx 0xffff8000299dee07
rdx 0
rcx 0xffff80003bbe9260
rax 0xffff8000299ddff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x2850f3fb7c857d7b
r11 0x6b7d5f7db63f8034
r12 0xffff8000299dec08
r13 0
r14 0
r15 0x1
rip 0xffffffff825bde75 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a270a00
ss 0
db_enter+0x25: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=338023 pid=30313 tcnt=3 stat=onproc
flags process=0 proc=0
runpri=86, usrpri=86, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffe8d18,0xffff80003bbe82e0
process=0xffff80003c43c028 user=0xffff80002a26c000, vmspace=0xfffffd800b0635b8
estcpu=36, cpticks=8, pctcpu=0.0, user=7, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
99640 402274 19088 0 3 0x80 nanoslp syz-executor
99640 303879 19088 0 3 0x4000080 fsleep syz-executor
99640 257098 19088 0 2 0x4000000 syz-executor
*30313 338023 8985 0 7 0 syz-executor
30313 257913 8985 0 3 0x4000080 fsleep syz-executor
30313 71783 8985 0 2 0x4000000 syz-executor
71526 113165 7193 0 7 0 syz-executor
71526 285919 7193 0 2 0x4000000 syz-executor
7733 78458 49299 0 3 0x80 nanoslp syz-executor
7733 147573 49299 0 3 0x4000080 fsleep syz-executor
7733 479606 49299 0 3 0x4000080 fsleep syz-executor
3200 274336 61895 0 2 0 syz-executor
3200 337652 61895 0 3 0x4000080 fsleep syz-executor
33980 286772 8962 0 2 0 syz-executor
33980 135249 8962 0 3 0x4000080 bell syz-executor
683 520149 92242 0 3 0x80 nanoslp syz-executor
683 444150 92242 0 3 0x4000080 fsleep syz-executor
683 124591 92242 0 3 0x4000080 fsleep syz-executor
683 116977 92242 0 3 0x4000080 kqsel syz-executor
51881 379161 0 0 3 0x14200 acct acct
30352 486640 0 0 3 0x14280 nfsidl nfsio
48304 144598 0 0 3 0x14280 nfsidl nfsio
11138 129860 0 0 3 0x14280 nfsidl nfsio
28474 491990 0 0 3 0x14280 nfsidl nfsio
79813 403266 0 0 3 0x14280 nfsidl nfsio
11893 94764 0 0 3 0x14280 nfsidl nfsio
5723 100449 0 0 3 0x14280 nfsidl nfsio
56621 189144 0 0 3 0x14280 nfsidl nfsio
30224 5901 0 0 3 0x14280 nfsidl nfsio
19320 378127 0 0 3 0x14280 nfsidl nfsio
3907 272329 0 0 3 0x14280 nfsidl nfsio
27369 485938 0 0 3 0x14280 nfsidl nfsio
97406 348149 0 0 3 0x14280 nfsidl nfsio
99120 245849 0 0 3 0x14280 nfsidl nfsio
11546 382575 0 0 3 0x14280 nfsidl nfsio
99420 61713 0 0 3 0x14280 nfsidl nfsio
72598 309839 0 0 3 0x14280 nfsidl nfsio
49282 114224 0 0 3 0x14280 nfsidl nfsio
29601 415006 0 0 3 0x14280 nfsidl nfsio
49218 156943 0 0 3 0x14280 nfsidl nfsio
84149 327825 1 0 3 0x100083 ttyin getty
72438 336711 34644 0 3 0x100082 sbwait arp
34644 153628 52256 0 3 0x10008a sigsusp sh
8962 418862 8694 0 3 0x82 nanoslp syz-executor
92242 198219 8694 0 3 0x82 nanoslp syz-executor
19088 294508 8694 0 3 0x82 nanoslp syz-executor
49299 27067 8694 0 3 0x82 nanoslp syz-executor
7193 520126 8694 0 3 0x82 nanoslp syz-executor
52256 264626 8694 0 3 0x82 wait syz-executor
8985 242443 8694 0 3 0x82 nanoslp syz-executor
61895 237380 8694 0 3 0x82 nanoslp syz-executor
8694 222962 45163 0 3 0x82 kqread syz-executor
45163 44771 79363 0 3 0x10008a sigsusp ksh
79363 159860 28029 0 3 0x98 kqread sshd-session
28029 110793 82577 0 3 0x92 kqread sshd-session
82577 466734 1 0 3 0x88 kqread sshd
97259 248292 86795 74 3 0x1100092 bpf pflogd
86795 335013 1 0 3 0x80 sbwait pflogd
59008 139975 86911 73 3 0x1100090 kqread syslogd
86911 35169 1 0 3 0x100082 sbwait syslogd
10065 286438 1 0 3 0x100080 kqread resolvd
5864 366172 24251 77 3 0x100092 kqread dhcpleased
60710 143210 24251 77 3 0x100092 kqread dhcpleased
24251 104170 1 0 3 0x80 kqread dhcpleased
74857 270639 0 0 3 0x14200 bored smr
27412 520550 0 0 2 0x14200 zerothread
51662 487261 0 0 3 0x14200 aiodoned aiodoned
56536 201206 0 0 3 0x14200 syncer update
80500 163111 0 0 3 0x14200 cleaner cleaner
48805 354986 0 0 3 0x14200 reaper reaper
2071 359783 0 0 3 0x14200 pgdaemon pagedaemon
27328 207138 0 0 3 0x14200 bored viomb
69570 487095 0 0 3 0x40014200 acpi0 acpi0
75337 384926 0 0 3 0x40014200 idle1
12447 154035 0 0 3 0x14200 bored softnet1
29834 233771 0 0 3 0x14200 bored softnet0
62865 502734 0 0 3 0x14200 bored systqmp
57342 463197 0 0 3 0x14200 bored systq
68486 301892 0 0 3 0x14200 tmoslp softclockmp
14141 237921 0 0 3 0x40014200 tmoslp softclock
41517 161194 0 0 3 0x40014200 idle0
1 462419 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
kernel: protection fault trap, code=0
Faulted in DDB; continuing...
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10201 11086K 11548K 166960K 12351 0
pcb 18 12K 12K 166960K 79 0
rtable 148 6K 8K 166960K 379 0
pf 28 16K 81K 166960K 101 0
ifaddr 28 4K 7K 166960K 61 0
ifgroup 43 2K 2K 166960K 89 0
sysctl 4 1K 9K 166960K 11 0
counters 64 36K 37K 166960K 122 0
ioctlops 0 0K 4K 166960K 1694 0
iov 0 0K 17K 166960K 25 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1426 90K 90K 166960K 1906 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 9 0K 0K 166960K 12 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 19 69K 114K 166960K 563 0
sigio 0 0K 0K 166960K 14 0
proc 72 115K 164K 166960K 579 0
subproc 72 4K 4K 166960K 73 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 58 0
in_multi 53 4K 6K 166960K 104 0
ether_multi 1 0K 0K 166960K 3 0
mrt 0 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 79 360K 360K 166960K 79 0
exec 0 0K 1K 166960K 424 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 258 170K 180K 166960K 7385 0
UVM aobj 13 6K 8K 166960K 17 0
pinsyscall 45 90K 106K 166960K 1718 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 33 0
NDP 9 0K 1K 166960K 40 0
temp 43 8668K 8740K 166960K 17221 0
kqueue 15 24K 28K 166960K 92 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 69 0 65 1 0 1 1 0 8 0
rtentry 176 114 0 53 5 0 5 5 0 8 0
unpcb 144 392 0 342 4 0 4 4 0 8 2
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 192 0 188 7 0 7 7 0 8 6
arp 136 19 0 8 1 0 1 1 0 8 0
inpcb 328 565 0 554 7 0 7 7 0 8 6
nd6 152 25 0 10 1 0 1 1 0 8 0
pkpcb 40 3 0 3 2 1 1 1 0 8 1
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1192 23 0 23 2 1 1 1 0 8 1
pppxif 1504 3 0 3 2 1 1 1 0 8 1
pffrag 232 3 0 1 2 1 1 1 0 482 0
pffrnode 88 3 0 1 2 1 1 1 0 8 0
pffrent 40 39 0 37 2 1 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 1 1 1 0 1 0 8 0
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 38 0 1 1 0 1 1 0 8 0
pfstkey 128 38 0 1 2 0 2 2 0 8 0
pfstate 448 38 0 1 5 0 5 5 0 8 0
pfrule 1344 29 0 24 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 483 0 229 28 1 27 28 0 8 5
art_table 40 484 0 229 5 0 5 5 0 8 0
art_node 32 114 0 59 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0
semapl 112 9 0 2 1 0 1 1 0 8 0
shmpl 112 10 0 2 1 0 1 1 0 8 0
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 2409 0 906 95 0 95 95 0 8 0
ffsino 296 2409 0 906 117 0 117 117 0 8 0
nchpl 144 3167 0 1470 64 0 64 64 0 8 0
rtmask 32 9 0 9 2 1 1 1 0 8 1
vnodes 216 2851 0 0 159 0 159 159 0 8 0
namei 1024 11121 0 11121 3 2 1 2 0 8 1
percpumem 16 76 0 29 1 0 1 1 0 8 0
vcpupl 3968 3 0 1 1 0 1 1 0 8 0
vmpool 848 4 0 2 1 0 1 1 0 8 0
kstatmem 264 52 0 32 3 1 2 3 0 8 0
scxspl 216 14704 0 14704 4 2 2 2 1 8 2
plimitpl 152 247 0 229 1 0 1 1 0 8 0
sigapl 424 899 0 829 9 1 8 8 0 8 0
knotepl 120 497 0 0 16 0 16 16 0 8 0
kqueuepl 224 227 0 215 5 0 5 5 0 8 4
pipepl 344 155 0 127 3 0 3 3 0 8 0
fdescpl 528 862 0 829 3 0 3 3 0 8 0
filepl 160 5065 0 4805 20 3 17 17 0 8 6
lockfpl 104 450 0 447 4 2 2 3 0 8 1
lockfspl 48 138 0 135 1 0 1 1 0 8 0
sessionpl 144 23 0 14 1 0 1 1 0 8 0
pgrppl 48 40 0 23 1 0 1 1 0 8 0
ucredpl 104 546 0 533 1 0 1 1 0 8 0
zombiepl 144 829 0 829 2 1 1 1 0 8 1
processpl 1232 899 0 829 6 0 6 6 0 8 0
procpl 664 1669 0 1587 8 0 8 8 0 8 0
sosppl 176 2 0 2 1 1 0 1 0 8 0
sockpl 752 1105 0 1040 15 4 11 14 0 8 4
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 126 0 0 16 0 16 16 0 8 0
mcl2k 2048 46 0 0 6 0 6 6 0 8 0
mtagpl 96 52 0 0 2 0 2 2 0 8 0
mbufpl 256 245 0 0 16 0 16 16 0 8 0
bufpl 280 5761 0 133 402 0 402 402 0 8 0
anonpl 32 11259 0 0 91 0 91 91 0 246 0
amapchunkpl 152 22823 0 22321 31 1 30 31 0 158 6
amappl16 200 2980 0 2948 34 12 22 22 0 8 15
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 18 0 18 1 1 0 1 0 8 0
amappl13 176 444 0 442 1 0 1 1 0 8 0
amappl12 168 1235 0 1190 3 0 3 3 0 8 0
amappl11 160 6 0 6 1 1 0 1 0 8 0
amappl10 152 51 0 37 1 0 1 1 0 8 0
amappl9 144 260 0 260 1 1 0 1 0 8 0
amappl8 136 29 0 27 1 0 1 1 0 8 0
amappl7 128 82 0 81 1 0 1 1 0 8 0
amappl6 120 289 0 274 1 0 1 1 0 8 0
amappl5 112 68 0 58 1 0 1 1 0 8 0
amappl4 104 435 0 402 1 0 1 1 0 8 0
amappl3 96 4265 0 4154 4 0 4 4 0 8 1
amappl2 88 545 0 482 2 0 2 2 0 8 0
amappl1 80 10864 0 10246 15 1 14 15 0 8 0
amappl 88 6548 0 6375 5 0 5 5 0 92 0
uvmvnodes 80 114 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 16 0 4 1 0 1 1 0 8 0
uaddrrnd 24 862 0 829 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 862 0 829 1 0 1 1 0 8 0
vmmpekpl 168 8516 0 8473 3 0 3 3 0 8 0
vmmpepl 168 61278 0 59277 115 8 107 107 0 357 11
vmsppl 488 861 0 829 5 0 5 5 0 8 0
rwobjpl 80 19217 0 18123 33 1 32 32 0 8 4
pdppl 4096 1739 0 1664 110 33 77 83 0 8 2
pvpl 32 18560 0 0 150 0 150 150 0 265 0
pmappl 256 865 0 831 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 300 0 40 8 0 8 8 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff8388cff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7a94e53a8280, count: 10
ddb{0}> trace
x86_ipi_db(ffffffff8388cff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7a94e53a8280, count: -5
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x25: addq $0x8,%rsp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b1a7d) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833ef671,ffffffff833e2949,90,ffffffff8338989c) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagealloc_pg(fffffd80086f6a38,fffffd806c83b338,1000000000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707
uvm_pagealloc(fffffd806c83b338,1000000000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913
pmap_get_ptp(fffffd806c83b300,200000000000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1
pmap_enter(fffffd806c83b300,200000000000,6c7e1000,3,22) at pmap_enter+0x386 sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_upper(ffff80002a270ef0,ffff80002a270f28,ffff80002a270df0) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131
uvm_fault(fffffd800b0635b8,200000000000,0,2) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635
upageflttrap(ffff80002a271090,200000000240) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002a271090) at usertrap+0x42f sys/arch/amd64/amd64/trap.c:632
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7a71b350d530, count: 3
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b1a7d) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833ef671,ffffffff833e2949,90,ffffffff8338989c) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagealloc_pg(fffffd80086f6a38,fffffd806c83b338,1000000000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707
uvm_pagealloc(fffffd806c83b338,1000000000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913
pmap_get_ptp(fffffd806c83b300,200000000000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1
pmap_enter(fffffd806c83b300,200000000000,6c7e1000,3,22) at pmap_enter+0x386 sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_upper(ffff80002a270ef0,ffff80002a270f28,ffff80002a270df0) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131
uvm_fault(fffffd800b0635b8,200000000000,0,2) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635
upageflttrap(ffff80002a271090,200000000240) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002a271090) at usertrap+0x42f sys/arch/amd64/amd64/trap.c:632
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7a71b350d530, count: -12
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup